Microsoft will Honor California’s New Privacy Rights Throughout the United States
Microsoft recently announced that it will voluntarily extend the core data privacy protections under the California Consumer Privacy Act (CCPA) to all its U.S. customers. The net effect of this announcement is that one of the world’s largest software and cloud services provider is extending GDPR-like protections to all citizens of the United States.
California's landmark privacy law, which takes effect on Jan. 1, 2020, has left many businesses struggling with whether to distinguish, in their compliance efforts, between those who live inside and outside the state. By moving first in such a prominent, public manner, Microsoft has set a compliance floor for US companies. CCPA is now the de facto minimum standard for consumer privacy rights, and is a model that is sure to be followed on a broad basis. Any company, especially one similarly situated to Microsoft, will now have a difficult time taking a less consumer-friendly approach to data privacy.
Microsoft also called on Congress to pass federal legislation giving protection to consumers nationwide, echoing the sentiments of many companies and privacy professionals. With multiple state-directed legislative efforts currently underway, it is already evident that companies will face a patchwork of laws with different standards and obligations, likely making it nearly impossible to simultaneously comply with all states' requirements.
“We are optimistic that the California Consumer Privacy Act — and the commitment we are making to extend its core rights more broadly — will help serve as a catalyst for even more comprehensive privacy legislation in the U.S.," wrote Microsoft Chief Privacy Officer Julie Brill, who is also corporate vice president for global privacy and regulatory affairs. "As important a milestone as CCPA is, more remains to be done to provide the protection and transparency needed to give people confidence that businesses respect the privacy of their personal information and can be trusted to use it appropriately.”
Do you or your business operate on the Internet? If yes, you should pay close attention to the reaction to Microsoft’s decision, as other companies are sure to follow.